lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87frpegboy.fsf@oldenburg.str.redhat.com>
Date: Wed, 02 Oct 2024 10:18:21 +0200
From: Florian Weimer <fweimer@...hat.com>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: Indu Bhagat <indu.bhagat@...cle.com>,  Josh Poimboeuf
 <jpoimboe@...nel.org>,  x86@...nel.org,  Peter Zijlstra
 <peterz@...radead.org>,  Ingo Molnar <mingo@...nel.org>,  Arnaldo Carvalho
 de Melo <acme@...nel.org>,  linux-kernel@...r.kernel.org,  Mark Rutland
 <mark.rutland@....com>,  Alexander Shishkin
 <alexander.shishkin@...ux.intel.com>,  Jiri Olsa <jolsa@...nel.org>,
  Namhyung Kim <namhyung@...nel.org>,  Ian Rogers <irogers@...gle.com>,
  Adrian Hunter <adrian.hunter@...el.com>,
  linux-perf-users@...r.kernel.org,  Mark Brown <broonie@...nel.org>,
  linux-toolchains@...r.kernel.org,  Jordan Rome <jordalgo@...a.com>,  Sam
 James <sam@...too.org>
Subject: Re: [PATCH v2 03/11] unwind: Introduce SFrame user space unwinding

* Steven Rostedt:

> On Tue, 1 Oct 2024 11:20:35 -0700
> Indu Bhagat <indu.bhagat@...cle.com> wrote:
>
>> > So we trust user space to have this table sorted?
>> >   
>> 
>> GNU ld will create this table sorted when linking .sframe sections and 
>> will set SFRAME_F_FDE_SORTED in flags in the output .sframe section.  In 
>> the current patch, I see the __sframe_add_section () includes a check 
>> for SFRAME_F_FDE_SORTED for admitting SFrame sections.
>> 
>> So proceeding here with the assumption that the SFrame FDE list is 
>> sorted should work fine.
>
> No not at all! We *cannot trust* user space. This could lead to a security
> hole if we assume it's sorted. The kernel must not trust anything it
> receives from user space. Because an attacker will be looking for ways to
> confuse the kernel to exploit it.

I don't quite understand, sorry.

Doing a binary search on an unordered table fails to find some entries
that could be discovered by a linear scan.  But an attacker could just
as well use an incomplete table from the start.  So assuming an ordered
table seems rather unlikely to introduce additional problems.  (Given
the lack of a formal threat model, it's impossible to make more precise
claims in either direction.)

Thanks,
Florian


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ